b'           OFFICE OF\n    THE INSPECTOR GENERAL\n\n\nSOCIAL SECURITY ADMINISTRATION\n\n\n\n  PERFORMANCE INDICATOR AUDIT:\n  HEARINGS AND APPEALS PROCESS\n\n\n     May 2007    A-15-06-16113\n\n\n\n\nAUDIT REPORT\n\x0c                                    Mission\nBy conducting independent and objective audits, evaluations and investigations,\nwe inspire public confidence in the integrity and security of SSA\xe2\x80\x99s programs and\noperations and protect them against fraud, waste and abuse. We provide timely,\nuseful and reliable information and advice to Administration officials, Congress\nand the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xef\x81\xad Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xef\x81\xad Promote economy, effectiveness, and efficiency within the agency.\n  \xef\x81\xad Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xef\x81\xad Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xef\x81\xad Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xef\x81\xad Independence to determine what reviews to perform.\n  \xef\x81\xad Access to all information necessary for the reviews.\n  \xef\x81\xad Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nWe strive for continual improvement in SSA\xe2\x80\x99s programs, operations and\nmanagement by proactively seeking new ways to prevent and deter fraud, waste\nand abuse. We commit to integrity and excellence by supporting an environment\nthat provides a valuable public service while encouraging employee development\nand retention and fostering diversity and innovation.\n\x0c                                        SOCIAL SECURITY\nMEMORANDUM\n\nDate:      May 17, 2007                                                            Refer To:\n\nTo:        The Commissioner\n\nFrom:      Inspector General\n\nSubject:   Performance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)\n\n\n           We contracted with PricewaterhouseCoopers, LLP (PwC) to evaluate 15 of the Social\n           Security Administration\xe2\x80\x99s (SSA) performance indicators established to comply with the\n           Government Performance and Results Act. The attached final report presents the\n           results of three of the performance indicators PwC reviewed. For the performance\n           indicators included in this audit, PwC\xe2\x80\x99s objectives were to:\n              \xe2\x80\xa2   Assess the effectiveness of internal controls and test critical controls over data\n                  generation, calculation, and reporting processes for the specific performance\n                  indicator.\n              \xe2\x80\xa2   Assess the overall reliability of the performance indicator\xe2\x80\x99s computer processed\n                  data. Data are reliable when they are complete, accurate, consistent and not\n                  subject to inappropriate alteration.\n              \xe2\x80\xa2   Test the accuracy of results presented and disclosed in SSA\xe2\x80\x99s Fiscal Year 2006\n                  Performance and Accountability Report.\n              \xe2\x80\xa2   Assess if the performance indicator provides a meaningful measurement of the\n                  program it measures and the achievement of its stated objective.\n\n           This report contains the results of the audit for the following indicators:\n\n              \xe2\x80\xa2   Number of SSA hearings processed.\n              \xe2\x80\xa2   Average processing time for SSA hearings.\n              \xe2\x80\xa2   Average processing time for hearings appeals.\n\x0cPage 2 \xe2\x80\x93 The Commissioner\n\n\nPlease provide within 60 days a corrective action plan that addresses each\nrecommendation. If you wish to discuss the final report, please call me or have your\nstaff contact Steven L. Schaeffer, Assistant Inspector General for Audit, at\n(410) 965-9700.\n\n\n\n\n                                                  Patrick P. O\xe2\x80\x99Carroll, Jr.\n\nAttachment\n\x0cMEMORANDUM\n\nDate:      May 3, 2007\n\nTo:        Inspector General\n\nFrom:      PricewaterhouseCoopers, LLP\n\nSubject:   Performance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)\n\nOBJECTIVE\nThe Government Performance and Results Act (GPRA) 1 of 1993 requires the Social\nSecurity Administration (SSA) to develop performance indicators that assess the\nrelevant service levels and outcomes of each program activity. 2 GPRA also calls for a\ndescription of the means employed to verify and validate the measured values used to\nreport on program performance. 3\n\nOur audit was conducted in accordance with generally accepted government auditing\nstandards for performance audits. For the performance indicators included in this audit,\nour objectives were to:\n\n           1. Assess the effectiveness of internal controls and test critical controls over the\n              data generation, calculation, and reporting processes for the specific\n              performance indicator.\n\n           2. Assess the overall reliability of the performance indicator\xe2\x80\x99s computer\n              processed data. Data are reliable when they are complete, accurate,\n              consistent and not subject to inappropriate alteration. 4\n\n           3. Test the accuracy of results presented and disclosed in SSA\xe2\x80\x99s Fiscal Year\n              (FY) 2006 Performance and Accountability Report (PAR).\n\n           4. Assess if the performance indicator provides a meaningful measurement of\n              the program it measures and the achievement of its stated objective.\n\n\n\n\n1\n Public Law Number 103-62, 107 Stat. 285 (codified as amended in scattered sections of 5 United States\nCode (U.S.C.), 31 U.S.C. and 39 U.S.C.).\n2\n    31 U.S.C. \xc2\xa7 1115(a)(4).\n3\n    31 U.S.C. \xc2\xa7 1115(a)(6).\n4\n Government Accountability Office (GAO), GAO-03-273G, Assessing Reliability of Computer Processed\nData, October 2002, p. 3.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                          1\n\x0cBACKGROUND\nWe audited the following performance indicators as stated in SSA\xe2\x80\x99s FY 2006 PAR:\n\n                Performance                             FY 2006        FY 2006 Reported\n                  Indicator                              Goal               Results\n    Number of SSA Hearings Processed 5                  560,000             558,978\n    Average Processing Time for SSA\n                                                        467 days           483 days\n    Hearings 6\n    Average Processing Time for Hearings\n                                                        242 days           203 days\n    Appeals 7\n\nSSA administers the Old-Age and Survivors Insurance (OASI), Disability Insurance (DI)\nand Supplemental Security Income (SSI) programs. The OASI program, authorized by\nTitle II of the Social Security Act, provides income for eligible workers and for eligible\nmembers of their families and survivors. 8 The DI program, also authorized by Title II of\nthe Social Security Act, provides income for eligible workers who have qualifying\ndisabilities and for eligible members of their families before those workers reach\nretirement age. 9 The SSI program, authorized by Title XVI of the Social Security Act, is\na needs-based program providing income to aged, blind, and/or disabled individuals\nwith limited income and resources. 10\n\nTo determine eligibility for both Title II and Title XVI programs, applicants must first file a\nclaim with SSA. This is typically accomplished through an appointment in 1 of SSA\'s\napproximately 1,300 field offices (FO), through the SSA telephone network, or online via\nthe Internet Social Security Benefit Application. Interviews with the applicants are\nconducted by FO personnel via the telephone or in person to determine the applicants\xe2\x80\x99\nnon-medical eligibility. When applicants are filing for benefits based on disability, basic\nmedical information concerning the disability, medical treatments and identification of\ntreating sources (e.g. a Doctor\'s office) is obtained.\n\nAfter applicants submit claims, they receive an initial determination of benefits. If a\nclaimant disagrees with the initial determination, they may appeal within 60 days of\n\n\n\n\n5\n    SSA, PAR FY 2006 p. 75.\n6\n    Id. p. 78.\n7\n    Id. p. 78.\n8\n    The Social Security Act, \xc2\xa7\xc2\xa7 201-234, 42 U.S.C. \xc2\xa7\xc2\xa7 401-434.\n9\n    Id.\n10\n     The Social Security Act, \xc2\xa7\xc2\xa7 1601-1637, 42 U.S.C. \xc2\xa7\xc2\xa7 1381-1383f.\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                   2\n\x0cnotification (plus 5 days for mailing purposes). During FY 2006, SSA\xe2\x80\x99s appeals program\nprovided four levels of appeal for claimants: 11 12\n\n      \xe2\x80\xa2   Reconsideration;\n      \xe2\x80\xa2   Hearing;\n      \xe2\x80\xa2   Appeals Council (AC) Review; and,\n      \xe2\x80\xa2   Federal District Court.\n\nReconsideration\nThe first level of appeal was a reconsideration. 13 The Disability Determination Service\nwill make a determination based on the available information when the claimant files for\na reconsideration of an initial medical determination. All of the evidence initially\nsubmitted by the claimant, and any new evidence, was re-evaluated during the\nreconsideration process. The determination of eligibility for benefits was made, and the\nclaimant was notified of the reconsideration decision. Upon receiving the\nreconsideration decision, the claimant could request a hearing if they disagreed with the\nreconsideration decision. 14\n\nHearing\nThe second level of appeal was a hearing conducted by an Administrative Law Judge\n(ALJ), in the Office of Disability Adjudication and Review (ODAR). The ALJ reviewed all\nthe information related to the claim and made a hearing decision/dismissal. Upon\nreceipt of the hearing decision, the claimant could request an AC review if they\ndisagreed with the hearing decision/dismissal. 15\n\nAC Review\nThe AC evaluated all requests for review to determine if the requests were sufficient to\nrequire an AC level review. If the AC accepted the request for review, the AC either\ncompleted the review or remanded the case to an ALJ for further review. If the AC\nrejected the request for review, the AC indicated agreement with the ALJ\'s hearing\ndecision. The claimant was notified of the AC\'s evaluation of the request for review, as\nwell as the results of the AC review (if the request was reviewed by the AC). If the\nclaimant disagreed with the AC\'s decision they could file in a Federal District Court. 16\n\n11\n     The Social Security Act, \xc2\xa7\xc2\xa7 205 and 1631, 42 U.S.C. \xc2\xa7\xc2\xa7 405 and 1383.\n12\n  SSA\'s appeal program is in the process of being modified. Refer to Social Security Regional\nCommissioner\'s Bulletin, May 19, 2006, No: 06-02.\n13\n  Social Security Regional Commissioner\'s Bulletin, May 19, 2006, No: 06-02. In FY 2006, 10 States\nremoved the reconsideration phase. If a claimant disagreed with the initial determination in these States,\nthe claimant would appeal to the hearings level, bypassing the reconsideration phase.\n14\n     Program Operations Manual System (POMS): GN 03102.000 The Reconsideration Process.\n15\n  Hearings, Appeals and Litigation Law Manual (HALLEX), Volume I, Division 2. Administrative Law\nJudge Hearings.\n16\n     HALLEX, Volume I, Division 3. Appeals Council Review.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                              3\n\x0cFederal District Court\nThe Federal District Court could remand the court case to SSA\xe2\x80\x99s Commissioner for\nfurther consideration, or dismiss the case. If remanded to the Commissioner, the AC,\nacting on behalf of the Commissioner, could make a decision or remand the case to an\nALJ. 17\n\nRESULTS OF REVIEW\nOur assessment of the three indicators included in this report identified issues with\ninternal controls. For the indicators, Number of SSA Hearings Processed and Average\nProcessing Time for Hearings, the Case Processing and Management System (CPMS)\ndid not require the entry of a date of death to close a case, and weaknesses were found\nin the configuration of UNIX operating systems that contains information used to\ncalculate the performance indicator results.\n\nHowever, for the indicator, Average Processing Time for Hearings Appeals, we noted\nissues with internal controls and the data reliability over the Appeals Council Automated\nProcessing System (ACAPS) application.\n\nNumber of SSA Hearings Processed\n\nIndicator Background\n\nThe performance indicator measured the number of SSA hearings processed by ODAR.\nIf a claimant disagreed with the initial determination of benefits and reconsideration, the\nclaimant could submit a request for hearing through an SSA FO or the Teleservice\nCenter.\n\nThe disposition of benefits was determined after a claim had been through the hearings\nprocess. The disposition was entered into CPMS, which automatically established a\ndisposition date for the claim.\n\nThe performance indicator was calculated from the CPMS Management Information\n(CPMS MI) system in the Monthly Activity Report (MAR) and Caseload Analysis Report\n(CAR). SSA personnel used the number of dispositions included in the CAR to\ndetermine the number of SSA hearings processed within a reporting period.\n\n\n\n\n17\n     HALLEX, Volume I, Division 2. Administrative Law Judge Hearings.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)               4\n\x0cPerformance Indicator Calculation\n\n                                                      Sum of the 12 months (October 1,\n                                                      2005 through September 29, 2006)\n         Number of SSA Hearings\n                                                =     of dispositions entered into CPMS\n              Processed\n                                                      during the reporting period.\n\n\nFindings\n\nInternal Controls and Data Reliability\n\nDuring the prior audit, 18 we found it was not necessary to enter a date of death in CPMS\nto close a case based on death. This created the potential for open cases to be\nimproperly classified as processed due to death in CPMS. As a result, the number of\nprocessed hearings could have been overstated in the PAR. Per SSA management,\nthis edit deficiency is scheduled to be addressed in the June 2007 release of CPMS.\n\nFinally, our review of the two CPMS UNIX systems identified nine security and\ncompliance issues. This review was conducted on the SSA developed UNIX Risk\nModel configuration standard, National Institute of Standards and Technology (NIST)\nguidelines 19 and the Defense Information Security Agency (DISA) Security Technical\nImplementation Guides (STIGS). 20\n\nWe were able to recalculate the interim and year-end indicator results and found them\nto be substantially accurate. 21 Despite these internal control weaknesses, we were able\nto determine that the data used to calculate this performance indicator was reliable.\n\nWe did not identify any significant exceptions related to the meaningfulness of this\nindicator or disclosure of the information related to this indicator contained in the PAR.\n\nAverage Processing Time for SSA Hearings\n\nIndicator Background\n\nThe performance indicator measured the average processing time for SSA hearings\nprocessed by ODAR. As discussed earlier, if a claimant disagreed with the initial\n\n\n18\n     Performance Indicator Audit: Hearings and Appeals Process (January 2006 A-15-05-15113).\n19\n     The NIST guidelines 800-18 Section 6.MA.2 were used to perform the review.\n20\n     The DISA STIGS Security Checklist version 4R4, Section 3.8 was used to perform the review.\n21\n  The PwC year end recalculation of the performance indicator Number of SSA Hearings Processed was\n552,742 records. This number differs by approximately 1 percent from the actual calculation of 558,978\nrecords reported in the FY 06 PAR. For the purposes of this audit, this difference is deemed immaterial.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                            5\n\x0cdetermination of benefits and the reconsideration, he/she could submit a request for\nhearing through an SSA FO or the Teleservice Center.\n\nIf the claimant requested a hearing through an SSA FO, the request for hearing was\nentered by a claims representative using the Modernized Claims System (MCS) or the\nModernized Supplemental Security Income Claims Systems (MSSICS). After the\nrequest for hearing was entered, case data was transferred from MCS or MSSICS into\nCPMS. This process is known as the auto-establish process. The date the case is\nauto-established into CPMS is the case "start date." If the claimant requested a hearing\nthrough the Teleservice Center, the HA-501 form, Request for Hearing by\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)              6\n\x0cAdministrative Law Judge, was completed and submitted by the claimant to SSA. In\nthis instance, the case "start date" would be derived from the HA-501 form.\n\nThe disposition of benefits was determined after a claim has been through the hearings\nprocess. The disposition was entered into CPMS, which automatically established a\ndisposition date for the claim.\n\nThe performance indicator was calculated from data contained in the MAR and CAR.\nThe CAR displays the average processing time for SSA hearings as noted on the next\npage.\n\nPerformance Indicator Calculation\n\n                                               Sum of the 12 months (October 1,\n                                               2005 through September 29, 2006)\nTotal Processing Time for Hearings        =\n                                               of the hearing offices\xe2\x80\x99 processing\n                                               time.\n\n                                               Sum of the 12 months (October 1,\n  Total Dispositions for Hearings         =    2005 through September 29, 2006)\n                                               of dispositions for hearings.\n\n                                                     Total Processing Time for\n Average Processing Time for SSA                       Hearings in FY 2006\n                                          =\n            Hearings                                   Total Dispositions for\n                                                       Hearings in FY 2006\n\nProcessing time was defined as the number of days from the "hearing request date (or\nreopened date or remand date)" to the "disposition date."\n\nFindings\n\nInternal Controls and Data Reliability\n\nOur findings related to this indicator are identical to those noted under the indicator\nNumber of SSA Hearings Processed. Please refer to page 5.\n\nWe were able to recalculate the interim and year-end indicator results and found them\nto be accurate. Despite these internal control weaknesses noted on page 5, we were\nable to determine that the data used to calculate this performance indicator was reliable.\n\nWe did not identify any significant exceptions related to the meaningfulness of this\nindicator or disclosure of the information related to this indicator contained in the PAR.\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                 7\n\x0cAverage Processing Time for Hearings Appeals\n\nIndicator Background\n\nThe hearings appeals process begins when the application for benefits has been denied\nat the initial, reconsideration, and hearing levels. The claimant can file for AC review by\nusing Form HA-520-U5, Request for Review of Hearing Decision/Order. Completed\nHA-520-U5 forms are submitted to an SSA FO. If legal counsel is submitting the appeal\non behalf of the claimant, a letter can be submitted to SSA indicating the request for\nappeal. The start date for the hearing appeal was derived either from the date indicated\non the HA-520-U5 form or the date indicated on the appeals request letter. This date\nwas entered into ACAPS as the start date for the hearing appeal. Processing time\nbegan when the hearing appeal was entered into ACAPS.\n\nOnce an appeal was received, applicable case data was transferred from CPMS to\nACAPS. If the case could not be found in CPMS, the case data was entered manually\ninto ACAPS. An analyst prepared and entered an action document that summarized all\nthe relevant case information and a decision recommendation into ACAPS. The\ndecision recommendation and action document were reviewed by the Administrative\nAppeals Judge (AAJ). If the AAJ did not accept the recommendation or action\ndocument, the case was sent back to the analyst or remanded to an ALJ for further\nreview and research. If the AAJ agreed with the action document and recommendation,\na denial, dismissal or favorable decision was entered as the final disposition into\nACAPS. Processing time ended when the disposition was entered into ACAPS. 22\nThe performance indicator results were calculated from the Monthly Office of Appellate\nOperations (OAO) - Wide Processing Time Report. This report contained the total\nnumber of dispositions issued during a reporting period and the average processing\ntime for issuing dispositions. Each month, the number of dispositions issued and\naverage processing time data from the OAO - Wide Processing Time Report was\nentered into the FY Average Processing Time Excel file which calculated the\nperformance indicator results.\n\n\n\n\n22\n  The disposition is entered the day the decision is date stamped, released, and mailed. SSA,\nPAR FY 2006 p. 79.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                       8\n\x0cPerformance Indicator Calculation\n\n                               Total number of calendar days from the start date 23 to the end\nAverage Monthly                   date 24 for each disposition issued in the reporting month\n                =\nProcessing Time                                The number of dispositions issued\n                                                  within the reporting month\n\n   Total Monthly                                                     The number of dispositions\n                                   The average monthly\n Processing Time =                                              X    issued within the reporting\n                                     processing time\nof Hearing Appeals                                                             month\n\n\n\n                                          The sum of total monthly processing time\n Average Number                               of hearing appeals for FY 2006\nof Days Needed to\n                           =\nProcess Hearings\n    Appeals 25                                    The number of dispositions\n                                                     issued for FY 2006\n\n\nFindings\n\nInternal Controls and Data Reliability\n\nDuring a prior audit, we identified and reported significant deficiencies for ACAPS. PwC\nwas informed by SSA management during this audit that these deficiencies had not\nbeen corrected. The following deficiencies had not been addressed by SSA\nmanagement:\n\n      1. User ID and password settings were inadequate. Passwords were only required\n         to be three characters in length, were allowed to be the same as the user ID, and\n         user IDs and passwords were stored in a nonencrypted file within the\n         applications. Additionally, there was no user ID lockout after invalid attempts to\n         sign-on to the applications. This could have allowed unauthorized users to\n         repeatedly attempt to log into the applications. Security incident reports and\n         error logs were not generated by the applications and therefore could not be\n         monitored by management. As a result, security violations and data\n\n23\n  The start date was derived from the request for review HA-520-U5 form or letter used to request the\nreview.\n24\n     The end date was captured in ACAPS when the final disposition was entered into the system.\n25\n  Due to system limitations, ACAPS cannot automatically calculate the year-end performance indicator\nresult. The year-end performance indicator result was manually calculated using the following system-\ngenerated reports: Average Monthly Processing Time and number of dispositions issued within each\nmonth.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                               9\n\x0c   2. errors/irregularities may have occurred without management detection or\n      investigation.\n   3. We found that duplicate cases could be created in ACAPS if all identifying fields\n      were not present when inputting the case. This could create duplicate counts of\n      AC reviews.\n\nDuring this year\'s audit we received an update from SSA management on the current\nstatus of the ACAPS findings from the prior audit. SSA\'s management provided the\nfollowing response to the current status of the findings:\n\n       \xe2\x80\x9cAppeals Council Automated Processing System (ACAPS) is an old\n       stand-alone system that will eventually be replaced. In order to make\n       any changes to this system, SSA would have to redirect systems\n       resources that are being used for critical Case Processing and\n       Management System (CPMS) enhancements. This would have a\n       negative impact on the SSA hearings workload, so we are only\n       considering operations essential changes to ACAPS at this time.\xe2\x80\x9d\n\nWe were able to recalculate the interim and year-end indicator results and found them\nto be accurate. However, based on the internal control findings noted before, we could\nnot consider the data to be reliable.\n\nWe did not identify any significant exceptions related to the meaningfulness of this\nindicator or disclosure of the information related to this indicator contained in the PAR.\n\nGeneral Findings\n\nWe previously identified issues related to the general controls at the ODAR office space\nin Falls Church, Virginia. These issues were reported in the OIG report, Performance\nIndicator Audit: Hearings and Appeals Process (A-15-05-15113), issued in\nJanuary 2006.\n\nDuring our FY 2006 general controls testing, we once again found that visitors to the\nODAR space were not required to sign-in upon entry. In addition, there were no\nsecurity guards at the entrance of the ODAR space. Management stated that security\nguards are in place throughout the facility, however during the course of fieldwork we\ndid not note the presence of any guards. It should be noted that the ODAR space is\nlocated in a multi-tenant, privately owned building, and ODAR management does not\nhave complete control over the physical security of the building. In addition, to gain\naccess to the ODAR space a key card was required.\n\nWe recommended in the January 2006 report that ODAR \xe2\x80\x9cEnsure all visitors were\nrequired to sign in upon entry to restrict visitor access to the OHA buildings.\xe2\x80\x9d SSA\'s\nmanagement provided the following response to these findings and recommendation in\nthe January 2006 audit report:\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)               10\n\x0c          \xe2\x80\x9cWe agree. The ODAR Headquarters building security could be\n          improved. ODAR is working in conjunction with the Department of\n          Justice to provide security enhancements at the ODAR facility in Falls\n          Church, Virginia to bring the building in compliance with Level IV federal\n          standards.\xe2\x80\x9d 26\n\nRECOMMENDATIONS\nSpecific to performance indicators, Number of SSA Hearings Processed and Average\nProcessing Time for SSA Hearings we recommend SSA management:\n\n      1. Enhance application input edits within CPMS, including controls to prevent users\n         from disposing of cases due to death without entering a date of death.\n      2. Ensure that the CPMS UNIX systems are configured to be in compliance with\n         the SSA UNIX Risk Model and Government guidelines from NIST and DISA.\n\nSpecific to the performance indicator, Average Processing Time for Hearings Appeals\nwe recommend 27 SSA management:\n\n      3. Strengthen password parameters in ACAPS to require encryption of the\n         passwords, lockout of users accounts after a set number of failed log in\n         attempts, the use of alphanumeric passwords and passwords with a minimum of\n         eight characters.\n      4. Strengthen the ACAPS application to include security incident reports for\n         tracking inappropriate access attempts to ACAPS.\n      5. Generate error logs for ACAPS activities to ensure timely identification and\n         follow-up of data entry errors.\n      6. Require ACAPS users to enter all identifying fields to prevent duplicate cases.\n\nAGENCY COMMENTS\n\nSSA agreed with recommendation number 1 and partially agreed with recommendation\nnumber 2. SSA stated that it disagreed with recommendation numbers 3, 4, 5, and 6;\nhowever, the actions planned by SSA show agreement with the intent of these\nrecommendations.\n\n\n\n\n26\n     Performance Indicator Audit: Hearings and Appeals Process (A-15-05-15113), January 2006, p. E-2.\n27\n  If SSA management replaces the ACAPS system, the new system should include the\nrecommendations noted for ACAPS.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                           11\n\x0cPWC RESPONSE\n\nIn response to recommendation 2, we believe the approach that SSA has taken to\naddress the risk presented by this finding is appropriate. In addition, we have modified\nthe footnote on page 6 to exclude NIST 5153.\n\nIn regard to recommendation numbers 3, 4, 5, and 6, PwC continues to recommend that\nSSA strengthen password parameters, include and monitor a security incident report,\ngenerate error logs, and require users to enter all fields to prevent duplicate cases since\nthe ACAPS data is used for calculation of the indicator results. However, in lieu of\nmaking these changes to ACAPS, SSA should ensure that the ACAPS replacement\nsystem is configured with the appropriate security controls. We support SSA\xe2\x80\x99s plan to\nreplace the ACAPS system and OIG plans to verify implementation as part of its on-\ngoing work. We would not expect SSA to make these changes to a system that is being\nreplaced, but would expect the recommendations to be included in the new system, as\nstated in footnote 27.\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)               12\n\x0c                                           Appendices\nAPPENDIX A \xe2\x80\x93 Acronyms\n\nAPPENDIX B \xe2\x80\x93 Scope and Methodology\n\nAPPENDIX C \xe2\x80\x93 Process Flowcharts\n\nAPPENDIX D \xe2\x80\x93 Agency Comments\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)\n\x0c                                                                            Appendix A\nAcronyms\n   AAJ         Administrative Appeals Judge\n   AC          Appeals Council\n   ACAPS       Appeals Council Automated Processing System\n   ALJ         Administrative Law Judge\n   CAR         Caseload Analysis Report\n   CIS         Case Intake Specialist\n   CPMS        Case Processing and Management System\n   CPMS MI     Case Processing and Management System Management Information\n   DI          Disability Insurance\n   DISA        Defense Information Security Agency\n   EDCS        Electronic Disability Case System\n   FO          Field Office\n   FY          Fiscal Year\n   GAO         Government Accountability Office\n   GPRA        Government Performance and Results Act\n   HALLEX      Hearings, Appeals and Litigation Law Manual\n   MAR         Monthly Activity Report\n   MCS         Modernized Claims System\n   MSSICS      Modernized Supplemental Security Income Claims Systems\n   NIST        National Institutes of Standard and Technology\n   OAO         Office of Appellate Operations\n   OASI        Old-Age and Survivors Insurance\n   ODAR        Office of Disability Adjudication and Review\n   OSM         Office of Strategic Management\n   OTR         On The Record\n   PAR         Performance and Accountability Report\n   RH          Request for Hearing\n   SCT         Senior Case Technician\n   SSA         Social Security Administration\n   SSI         Supplemental Security Income\n   SSPP        Standardized Security Profile Project\n   STIGS       Security Technical Implementation Guides\n   U.S.C.      United States Code\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)\n\x0c                                                                            Appendix B\nScope and Methodology\nWe updated our understanding of the Social Security Administration\xe2\x80\x99s (SSA)\nGovernment Performance and Results Act (GPRA) processes. This was completed\nthrough research and inquiry of SSA management. We also requested SSA to provide\nvarious documents regarding the specific programs being measured as well as the\nspecific measurement used to assess the effectiveness and efficiency of the related\nprogram.\n\nThrough inquiry, observation, and other substantive testing, including testing of source\ndocumentation, we performed the following:\n\n   \xe2\x80\xa2   Reviewed prior SSA, Government Accountability Office, and other reports related\n       to SSA GPRA performance and related information systems.\n   \xe2\x80\xa2   Reviewed applicable laws, regulations, and SSA policy.\n   \xe2\x80\xa2   Met with the appropriate SSA personnel to confirm our understanding of each\n       individual performance indicator.\n   \xe2\x80\xa2   Flowcharted the processes. (See Appendix C).\n   \xe2\x80\xa2   Tested key controls related to manual or basic computerized processes (e.g.,\n       spreadsheets, databases, etc.).\n   \xe2\x80\xa2   Conducted and evaluated tests of the automated and manual controls within and\n       surrounding each of the critical applications to determine whether the tested\n       controls were adequate to provide and maintain reliable data to be used when\n       measuring the specific indicator.\n   \xe2\x80\xa2   Identified attributes, rules, and assumptions for each defined data element or\n       source document.\n   \xe2\x80\xa2   Recalculated the metric or algorithm of key performance indicators to ensure\n       mathematical accuracy.\n   \xe2\x80\xa2   For those indicators with results that SSA determined using computerized data,\n       we assessed the completeness and accuracy of that data to determine the data\'s\n       reliability as it pertains to the objectives of the audit.\n   \xe2\x80\xa2   Performed a follow-up general computer control review as it relates to the Office\n       of Disability Adjudication and Review.\n\nAs part of this audit, we documented our understanding, as conveyed to us by Agency\npersonnel, of the alignment of the Agency\xe2\x80\x99s mission, goals, objectives, processes, and\nrelated performance indicators. We analyzed how these processes interacted with\nrelated processes within SSA and the existing measurement systems. Our\nunderstanding of the Agency\xe2\x80\x99s mission, goals, objectives, and processes were used to\ndetermine whether the performance indicators being used appear to be valid and\nappropriate given our understanding of SSA\xe2\x80\x99s mission, goals, objectives and processes.\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)             B-1\n\x0cWe followed all performance audit standards in accordance with generally accepted\ngovernment auditing standards. In addition to the steps previously noted, we\nspecifically performed the following to test the indicators included in this report:\n\nNUMBER OF SSA HEARINGS PROCESSED\n\n   \xe2\x80\xa2   Inspected 60 HA-501 forms, Request for Hearing by Administrative Law Judge,\n       to ensure the start date was included in the Case Processing and Management\n       System (CPMS) completely and accurately.\n   \xe2\x80\xa2   Inspected 60 HA-5051-U3 forms, Transmittal of Decision or Dismissal by\n       Administrative Law Judge, to ensure the mail date was included in CPMS\n       completely and accurately.\n   \xe2\x80\xa2   Re-performed the calculation of the number of hearings processed and average\n       processing time.\n   \xe2\x80\xa2   Determined the adequacy of the programming logic used by SSA to calculate the\n       Number of SSA Hearings Processed and the Average Processing Time for SSA\n       Hearings.\n   \xe2\x80\xa2   Obtained the status of prior year issues.\n\nAVERAGE PROCESSING TIME FOR SSA HEARINGS\nThe same tests were performed for this indicator as were for the Number of SSA\nHearings Processed.\n\nAVERAGE PROCESSING TIME FOR HEARINGS APPEALS\n\n   \xe2\x80\xa2   Re-performed the calculation of the Average Processing Time for Hearings\n       Appeals.\n   \xe2\x80\xa2   Observed Appeals Council Automated Processing System code for\n       reasonableness.\n   \xe2\x80\xa2   Obtained the status of prior year issues.\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)              B-2\n\x0c                                                                                                                      Appendix C\n\nFlowchart of Number of SSA Hearings Processed\nand Average Processing Time for SSA Hearings\n                                                                                                        Prototype States (10 states)\n Initial decision received by claimant\n     for Title II or Title XVI benefits\n\n\n                                                                                                               Initial decision\n Claimant asks for redetermination                                                                               received by\n      of SSA\xe2\x80\x99s initial decision                                                                                    claimant\n\n\n\n\n          Did SSA agree with                     SSA reverses their\n                                          No                                   End\n         their initial decision?                   initial decision\n\n\n\n                  Yes\n\n      Claimant receives SSA\xe2\x80\x99s\n      redetermination decision\n\n\n\n\n             Request for\n                                    No            End\n            hearing (RH)?\n\n\n\n                  Yes\n\n                                                                        The claimant is\n                                               Claimant requests       asked about their           Should the Teleservice\n           RH filed through\n                                     No            hearing via          appeal over the          Center send the claimant a\n           any SSA office?\n                                               Teleservice Center        phone by the             HA-501 form to complete\n                                                                      Teleservice Center                and submit?\n\n                  Yes\n\n               Claimant\n             receives HA-                                                                                                            No\n            501 Form from\n                office                                                                Yes\n\n\n              Claimant                            The Teleservice                                     An admin message is sent to the\n          completes HA-501                        Center sends the                                    Field Office (FO) to have the FO\n           Form and sends                         claimant the HA-                                     contact the claimant to help in\n              RH to FO                                501 Form                                             filing the HA-501 form.\n\n\n       The start day is derived\n     from the RH HA-501 Form\n         (HALLEX I-2-0-50).\n\n\n\n\n        FO forwards the Case File (CF) to the Hearing Office (HO) for processing if the appeal was filed within the appeals period\n\n\n\n                                                                      A\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                                                                 C-1\n\x0c                                                         A\n\n\n\n\n  Claim is auto established from Modernized Claims System (MCS) / Modernized Supplemental Security Income\n   Claims System (MSSICS) using the Electronic Disability Case System (EDCS) or the Case Intake Specialist\n                          (CIS) / Senior Case Technician (SCT) enters claim into CPMS\n\n\n\n\n        Clerk reviews\n          claim and\n      determines if the\n     claim is eligible for\n       early screening\n\n\n\n       Management\n      assigns claim to\n     an Administrative\n     Law Judge (ALJ)\n\n\n\n\n                                      No                   Dismissed\n                                                                                       Written decision/\n     Will ALJ conduct                                                                  dismissal entered\n          hearing?                                                                      into CPMS and\n                                                                                        sent to claimant\n                                                      ALJ determines to\n                                                       pay claim on the\n                                      No                record (OTR)\n                                                      (Expedite without\n             Yes                                           hearing)\n\n\n\n      Hearing is held\n       and case is\n        explained\n\n\n\n\n                                Support staff enters                 Clerk enters\n                                disposition data into                                        Decision letter and a copy of\n        ALJ issues a                                               disposition date\n                              CPMS for SSA cases. The                                        the ALJ\xe2\x80\x99s decision is sent to\n          decision                                                and mail date into\n                               ALJ will verify favorable                                               claimant\n                                                                        CPMS\n                                decisions in CPMS.\n\n\n\n\n   Monthly Activity Report\n     (MAR) / Caseload                 MAR / CAR is                                            OSM adds data to\n  Analysis Report (CAR) is                                           CAR data is\n                                      posted to the                                           the tracking report\n    produced by CPMS                                              forwarded to OSM\n                                        Intranet                                                (Falls Church)\n\n\n\n\n                                 Performance Measure Calculation:\n                     Calendar Days from Hearing Request to Disposition Mail Date                                                  Reporting of\n                                    Total Number of Dispositions                                                                  performance\n                                                                                                  Performance\n                                                                                                                             indicators Number of\n                                                                                                 owner review of\n                                                                                                                                 SSA Hearings\n                                                                                                  the indicator\n                                                                                                                                Processed and\n                                                                                                     results\n                                                                                                                              Average Processing\n                                                                                                                               Time for Hearings\n                                 Performance Measure Calculation:\n                              Total of the number of hearings processed\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                                                                       C-2\n\x0cNumber of SSA Hearings Processed and Average Processing Time for SSA\nHearings\n\n\xe2\x80\xa2   Initial decision of benefits is received by claimant.\n\xe2\x80\xa2   The claimant asks for redetermination of SSA\xe2\x80\x99s initial decision.\n              o If SSA disagrees with their initial decision, SSA will reverse their initial\n                  decision and the process ends.\n              o If SSA agrees with their initial decision, the redetermination decision is\n                  sent to the claimant.\n\xe2\x80\xa2   After the redetermination decision is received by the claimant they may file a Request\n    for Hearing (RH). If they do not, the process ends.\n\xe2\x80\xa2   The request for hearing can be filed through any SSA office or the form can be sent to\n    the claimant by mail.\n              o The claimant requests a hearing via the Teleservice Center.\n              o The claimant is asked about their appeal over the phone by the\n                  Teleservice Center.\n              o If the Teleservice Center believes that the claimant should be assisted in\n                  completing the HA-501 form, an administrative message is sent to the FO\n                  to have the FO contact the claimant to help in filing the HA-501 form.\n              o If the Teleservice Center believes that the claimant can file the HA-501\n                  form themselves the HA-501 form is mailed to the claimant.\n                      \xef\x82\xa7 The claimant completes the HA-501 form and sends the RH to the\n                         FO.\n\xe2\x80\xa2   The start date is established by using the RH in accordance with HALLEX I-20-0-50.\n\xe2\x80\xa2   The FO forwards the Case File to the Hearing Office for processing if the appeal was\n    filed within the appeals period.\n\xe2\x80\xa2   The claim is auto established from MCS/MSSICS using Electronic Disability Case\n    System (EDCS) or the Case Intake Specialist (CIS) / Senior Case Technician (SCT)\n    enters claim into CPMS.\n\xe2\x80\xa2   The clerk reviews the claim and determines if the claim is eligible for early screening.\n\xe2\x80\xa2   Management assigns the claim to an ALJ (Administrative Law Judge).\n\xe2\x80\xa2   The ALJ decides whether to conduct a hearing or not.\n              o If the ALJ does not conduct a hearing, the case may be dismissed or the\n                  ALJ can determine to pay the claim on the record (OTR - to expedite\n                  without a hearing).\n              o The written decision/dismissal is then sent to the claimant.\n\xe2\x80\xa2   If the ALJ decides to hear the case, the hearing is held and the case is explained.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                C-3\n\x0c\xe2\x80\xa2   The ALJ issues a decision.\n\xe2\x80\xa2   Support staff enters disposition data into CPMS for SSA cases.\n\xe2\x80\xa2   The ALJ will verify favorable decisions in CPMS.\n\xe2\x80\xa2   The clerk enters the disposition date and mail date of the case into CPMS.\n\xe2\x80\xa2   A decision letter and a copy of the ALJ\'s decision are sent to the claimant.\n\xe2\x80\xa2   The Monthly Activity Report (MAR) / Caseload Analysis Report (CAR) are produced\n    by CPMS.\n\xe2\x80\xa2   MAR/CAR are posted to the SSA Intranet.\n\xe2\x80\xa2   CAR data is forwarded to the Office of Strategic Management (OSM).\n\xe2\x80\xa2   OSM adds data from the CAR to the tracking report.\n\xe2\x80\xa2   Performance Measure Calculation: Total number of SSA hearings processed.\n\xe2\x80\xa2   Performance Measure Calculation: Calendar days from Hearing Request to\n    Disposition Mail Date for all dispositions issued / Total Number of Dispositions issued.\n\xe2\x80\xa2   The performance owner reviews the indicator results.\n\xe2\x80\xa2   The reporting of the performance indicators Number of SSA Hearings Processed and\n    Average Processing Time for SSA Hearings.\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                C-4\n\x0cFlowchart of Average Processing Time for Hearings\nAppeals\n  Application for benefits has been\n denied at the initial, reconsideration,\n         and hearing levels\n\n\n\n\n   Claimant has received denial or\n   dismissal of claim from the ALJ\n       in the hearings process\n\n\n\n\n          Claimant requests\n           Appeals Council             No   End\n            (AC) review?\n\n\n\n                  Yes\n\n   Claimant sends the HA-520-U5\n    or letter to the AC requesting\n       review (The start date is\n        derived from this form /\n        postmark of the letter)\n\n\n\n         HA-520-U5 or letter\n        requesting AC review\n\n\n\n\n           Appeals Council\n           receives request\n\n\n\n                  Yes\n\n\n            Support staff\n           enters data from\n           RR into ACAPS\n\n\n\n\n               ACAPS is\n          uploaded with data\n            from CPMS or\n           manually entered\n\n\n\n\n                   A\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)   C-5\n\x0c                 A\n\n\n\n\n                                         Pre-adjudicative actions may involve:\n                                         a missing folder/tape must be obtained;\n         Does support staff\n                                         duplicates of hearing tapes or exhibits of record are sent to the claimant/\n          need to take pre-      Yes\n                                         representative for review;\n        adjudicative actions?\n                                         representative is given extension of time to submit additional evidence;\n                                         development of \xe2\x80\x9cgood cause\xe2\x80\x9d for untimely filing of appeal is undertaken.\n\n\n                 No\n\n\n                                                                            Analyst prepares\n         Case is assigned                      Analyst reviews\n                                                                           analyst and action\n          to an analyst                             case\n                                                                               document\n\n\n\n\n           Analyst submits\n          recommendation\n         thru branch control\n             (to Appeals\n               Council)\n\n\n\n\n         Recommendation\n           is entered into\n         ACAPS by support               The recommendation and/or\n                staff                  action document not accepted\n                                       will be sent back to the analyst.\n\n\n\n\n       Recommendation and\n         action document is\n        reviewed by an AAJ\n\n\n\n\n                                                     No\n\n       Does the AAJ accept the\n     recommendation and action\n             document?\n\n\n\n                Yes\n\n\n          The AAJ signs the\n        recommendation and\n       action document if they\n               accept\n\n\n\n\n                 B\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                                              C-6\n\x0c                   B\n\n\n\n\n               Does the                               The second AAJ is                 Recommendation and\n                                                                                                                                Does the AAJ accept\n          action require the                          assigned within the                action document is\n                                          Yes                                                                                    the recommendation\n         concurrence of two                           branch based on an               reviewed by the second\n                                                                                                                                and action document?\n                AAJs?                                  assignment chart                          AAJ\n\n\n\n\n                  No                                                        Yes                                                                                 No\n\n\n\n\n                                                               Do both AAJs                           Both the initial AAJ              The second AAJ\n           AAJ(s) make(s)\n                                            Yes                 agree with                             and second AAJ                   sends a memo to\n           final disposition\n                                                                eachother?                             discuss the case                   the initial AAJ\n\n\n\n\n                                                The case is assigned to a third AAJ (Deputy\n                                                Chair of the AC or his designee) \xe2\x80\x93 The two\n                                                 AAJs who agree on the recommendation\n                                                become the A and B members and sign the\n                                                    recommendation/action document\n\n\n\n\n     Interim actions are        No, interim                   Was a denial,                 No, case remanded                  Administrative Law Judge\n    entered into ACAPS          action issued             dismissal or favorable            to an Administrative                 at the Hearing Office\n       and processed                                        decision issued??               Law Judge\n\n\n\n                                          Yes\n\n\n\n\n       Support staff enters data\n                                                      Number for                   Performance\n      (disposition type/date) into                                                                            Reporting of performance indicator Average\n                                                     performance                  owner review of\n          ACAPS and issues                                                                                       Number of Days Needed to Process\n                                                      measure is                   the indicator\n         disposition (releases                                                                                             Hearing Appeals\n                                                      generated                       results\n           action document)\n\n\n\n\n                                                                                                    Files are sent to a SSA\n                                                                         Case denied or                                                   Claimant can file a\n              Favorable                            What type of                                      Mega-Site for holding\n                                     No                                  unfavorable                                                       suit in a federal\n              decision?                            verdict was                                      pending a possible civil\n                                                                         decision                                                            district court\n                                                    issued?                                                  action\n\n\n                 Yes\n\n\n                                                                                                                                            Cases that are\n Case is released to a payment center\n                                                                                                                                          dismissed can not\n  of headquarters or SSA Field Office                                         Case Dismissed                                                be appealed to\n              (SSI cases)\n                                                                                                                                                court\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                                                                                            C-7\n\x0cAverage Processing Time for Hearings Appeals\n\n\xe2\x80\xa2   The process starts by the application for benefits being denied at the initial,\n    reconsideration, and hearing levels.\n\xe2\x80\xa2   The claimant has received denial or dismissal of claim from the ALJ in the hearings\n    process.\n\xe2\x80\xa2   If the claimant does not request Appeals Council review the process ends.\n\xe2\x80\xa2   If the claimant requests Appeals Council review, the request is made through the HA-\n    520-U5 form or a letter can be submitted to SSA.\n\xe2\x80\xa2   The start day is derived from the HA-520-U5 form or the postmark of the letter is\n    used. Refer to HALLEX for instructions.\n\xe2\x80\xa2   The claimant sends the request to the Appeals Council.\n\xe2\x80\xa2   The Appeals Council receives the request.\n\xe2\x80\xa2   Support staff enters data from the request for review into ACAPS.\n\xe2\x80\xa2   Data is uploaded from CPMS or manually entered into ACAPS.\n\xe2\x80\xa2   Support staff takes pre-adjudicative actions, if applicable.\n              o Pre-adjudicative actions involve: a missing folder/tape must be obtained;\n                 duplicates of hearing tapes or exhibits of record are sent to the\n                 claimant/representative for review, representative is given extension of\n                 time to submit additional evidence; development of "good cause" for\n                 untimely filling of appeals is undertaken.\n\xe2\x80\xa2   The case is assigned to an analyst.\n\xe2\x80\xa2   The analyst reviews case.\n\xe2\x80\xa2   The analyst prepares a recommendation and action document.\n\xe2\x80\xa2   The recommendation is entered into ACAPS by support staff.\n\xe2\x80\xa2   The analyst submits the recommendation thru batch control to the Appeals Council.\n\xe2\x80\xa2   The recommendation and action document is reviewed by an Administrative Appeals\n    Judge (AAJ).\n\xe2\x80\xa2   The AAJ makes a decision to accept the recommendation and action document. If\n    the AAJ does not accept the recommendation and/or action document, the case is\n    sent back to the analyst to review the case.\n\xe2\x80\xa2   The AAJ signs the recommendation and action document if they accept.\n\xe2\x80\xa2   If the action document requires the concurrence of two AAJs, the second AAJ is\n    assigned within the branch based on an assignment chart.\n              o The recommendation and action document is reviewed by the second\n                 AAJ.\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)             C-8\n\x0c              o If the second AAJ agrees with the first AAJ, the second AAJ will make a\n                 final disposition.\n              o If the second AAJ does not agree with the first\'s decision, both the initial\n                 and second AAJs will discuss the case. If they still do not agree, the case\n                 is assigned to a third AAJ (Deputy Chair of the Appeals Council or his/her\n                 designee). The two AAJs who agree on the recommendation become the\n                 A and B members of the case and sign the recommendation document.\n\xe2\x80\xa2   AAJ(s) make(s) final disposition.\n\xe2\x80\xa2   If an interim action was issued, the interim actions are entered into ACAPS and\n    processed.\n\xe2\x80\xa2   If the case was remanded to an Administrative Law Judge (ALJ) the case is\n    transferred to an ALJ at the Hearing Office.\n\xe2\x80\xa2   If the case was a denial, dismissal or favorable decision, the support staff enters the\n    data (disposition type/date) into ACAPS and issues a disposition (releases action\n    document).\n              o The performance measure, "Reduce the Average Number of Days\n                 Needed to Process Hearings Appeals," is generated from this data.\n              o The performance owner reviews the indicator results.\n              o Reporting of the performance indicator "Reduce the Average Number of\n                 Days Needed to Process Hearings Appeals" is performed and submitted\n                 to OSM.\n\xe2\x80\xa2   If the disposition was a favorable decision, the case is released to a payment center\n    or SSA Field Office (SSI cases).\n\xe2\x80\xa2   If the disposition was not a favorable decision, the type of verdict decides the next\n    action.\n              o If the case was dismissed, it cannot be appealed to court.\n              o If the case was denied or an unfavorable decision was issued, the files are\n                 sent to an SSA Mega-Site for holding, pending a possible civil action. In\n                 this circumstance, the claimant can file a suit in Federal district court.\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                C-9\n\x0c                                                                            Appendix D\n\nAgency Comments\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)\n\x0c                                         SOCIAL SECURITY\n\nMEMORANDUM\n\nDate:      May 2, 2007                                                           Refer To:   S1J-3\n\nTo:        Patrick P. O\'Carroll, Jr.\n           Inspector General\n\nFrom:      Larry W. Dye /s/\n\nSubject:   Office of the Inspector General (OIG) Draft Report, "Performance Indicator Audit: Hearings and\n           Appeals Process" (A-15-06-16113)--INFORMATION\n\n\n           We appreciate OIG\xe2\x80\x99s efforts in conducting this review. Our comments on the recommendations\n           are attached.\n\n           Please let me know if we can be of further assistance. Staff inquiries may be directed to\n           Ms. Candace Skurnik, Director, Audit Management and Liaison Staff, at (410) 965-4636.\n\n\n           Attachment\n\n\n\n\n           Performance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                   D-1\n\x0cCOMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL\xe2\x80\x99S (OIG) DRAFT\nREPORT, \xe2\x80\x9cPERFORMANCE INDICATOR AUDIT: HEARINGS AND APPEALS\nPROCESS\xe2\x80\x9d (A-15-06-16113)\n\nThank you for the opportunity to review and comment on this draft report. Our responses to the\nspecific recommendations are provided below.\n\nRecommendation 1\n\nEnhance application input edits within the Case Processing and Management System (CPMS),\nincluding controls to prevent users from disposing of cases due to death without entering a date\nof death.\n\nComment\n\nWe agree. The June 2007 release of CPMS will require the user to enter the claimant\xe2\x80\x99s date of\ndeath when the case disposition indicates the claimant\xe2\x80\x99s death.\n\nRecommendation 2\n\nEnsure that the CPMS UNIX systems are configured to be in compliance with the Social\nSecurity Administration (SSA) UNIX Risk Model and Government guidelines from the National\nInstitutes of Standard and Technology (NIST) and the Defense Information Security Agency\n(DISA).\n\nComment\n\nWe agree with ensuring our compliance with the SSA UNIX Risk Model. SSA has a functional\nworkgroup that meets monthly to address various issues related to UNIX configuration and\nsecurity, which includes ensuring that systems are configured based on the UNIX Risk Model.\n\nWe disagree with the inclusion of NIST guidelines 5153 Section 3.2.2 in the footnote on page 6\nof this report. NIST has a note in the 5153 document that states: \xe2\x80\x9cTHIS DOCUMENT HAS\nBEEN SUPERSEDED BY THE FEDERAL CRITERIA.\xe2\x80\x9d NIST\xe2\x80\x99s Guide for Developing\nSecurity Plans for Federal Information Systems, publication 800-18, is more current and,\ntherefore, more relevant to this audit. Also, while the DISA Security Technical Implementation\nGuide provides a checklist that minimizes the security risks associated with computer hardware\nor software systems, Federal law does not require SSA to comply with this guide as this\nrecommendation implies.\n\nRecommendation 3\n\nStrengthen password parameters in the Appeals Council Automated Processing System\n(ACAPS) to require encryption of the passwords, lockout of user\xe2\x80\x99s accounts after a set number of\nfailed log in attempts, the use of alphanumeric passwords with a minimum of eight characters.\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                     D-2\n\x0cComment\n\nWe disagree. ACAPS was implemented in 1995. Since that time, the system has undergone\nseveral upgrades. Technologically, ACAPS is now outdated and recent enhancements to the\nsystem have been limited to emergency requirements, pending a full replacement of the system.\nThe first Appeals Council (AC) system release to replace ACAPS is scheduled for January 2008.\nOnce fully implemented, the architecture of the new AC system will support the above\nrecommendation and ACAPS will be retired.\n\nIn addition, the Office of Management and Budget Circular A-11, section 230.2e, states\n\xe2\x80\x9cPerformance data need not be perfect to be reliable, particularly if the cost and effort to secure\nthe best performance data will exceed the value of any data so obtained.\xe2\x80\x9d We believe this\ndirective applies to this situation.\n\nRecommendation 4\n\nStrengthen the ACAPS application to include security incident reports for tracking inappropriate\naccess attempts to ACAPS.\n\nComment\n\nWe disagree. See our response to recommendation 3.\n\nRecommendation 5\n\nGenerate error logs for ACAPS activities to ensure timely identification and follow-up of data\nentry errors.\n\nComment\n\nWe disagree. See our response to recommendation 3.\n\nRecommendation 6\n\nRequire ACAPS users to enter all identifying fields to prevent duplicate cases.\n\nComment\n\nWe disagree. See our response to recommendation 3.\n\n\n\n\nPerformance Indicator Audit: Hearings and Appeals Process (A-15-06-16113)                        D-3\n\x0c                       Overview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI),\nOffice of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office\nof Resource Management (ORM). To ensure compliance with policies and procedures, internal\ncontrols, and professional standards, we also have a comprehensive Professional Responsibility\nand Quality Assurance program.\n                                         Office of Audit\nOA conducts and/or supervises financial and performance audits of the Social Security\nAdministration\xe2\x80\x99s (SSA) programs and operations and makes recommendations to ensure\nprogram objectives are achieved effectively and efficiently. Financial audits assess whether\nSSA\xe2\x80\x99s financial statements fairly present SSA\xe2\x80\x99s financial position, results of operations, and cash\nflow. Performance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s programs\nand operations. OA also conducts short-term management and program evaluations and projects\non issues of concern to SSA, Congress, and the general public.\n\n\n                                     Office of Investigations\nOI conducts and coordinates investigative activity related to fraud, waste, abuse, and\nmismanagement in SSA programs and operations. This includes wrongdoing by applicants,\nbeneficiaries, contractors, third parties, or SSA employees performing their official duties. This\noffice serves as OIG liaison to the Department of Justice on all matters relating to the\ninvestigations of SSA programs and personnel. OI also conducts joint investigations with other\nFederal, State, and local law enforcement agencies.\n\n\n                     Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including\nstatutes, regulations, legislation, and policy directives. OCCIG also advises the IG on\ninvestigative procedures and techniques, as well as on legal implications and conclusions to be\ndrawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary\nPenalty program.\n\n\n                                Office of Resource Management\nORM supports OIG by providing information resource management and systems security. ORM\nalso coordinates OIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human\nresources. In addition, ORM is the focal point for OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act of 1993.\n\x0c'